diff --git a/roles/common/tasks/iptables_Debian.yml b/roles/common/tasks/iptables_Debian.yml
index 7a90b16..497ce39 100644
--- a/roles/common/tasks/iptables_Debian.yml
+++ b/roles/common/tasks/iptables_Debian.yml
@@ -1,6 +1,6 @@
 ---
 - name: Install firewalld and deps
-  when: ansible_distribution_major_version == '8'
+  when: ansible_distribution_major_version | version_compare('8', '==')
   apt: pkg={{ item }} state=latest
   with_items:
     - firewalld
@@ -8,11 +8,11 @@
   tags: packages
 
 - name: Copy firewalld public zone file
-  when: ansible_distribution_major_version == '8'
+  when: ansible_distribution_major_version | version_compare('8', '==')
   template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
 
 - name: Format public.xml firewalld zone file
-  when: ansible_distribution_major_version == '8'
+  when: ansible_distribution_major_version | version_compare('8', '==')
   shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
   notify:
     - restart firewalld
diff --git a/roles/common/tasks/iptables_Ubuntu.yml b/roles/common/tasks/iptables_Ubuntu.yml
index e13becd..39f7a9a 100644
--- a/roles/common/tasks/iptables_Ubuntu.yml
+++ b/roles/common/tasks/iptables_Ubuntu.yml
@@ -1,23 +1,23 @@
 ---
 - name: Install iptables-persistent
-  when: ansible_distribution_version == '14.04'
+  when: ansible_distribution_version | version_compare('14.04', '==')
   apt: pkg=iptables-persistent update_cache=yes
   tags: packages
 
 - name: Copy /etc/iptables/rules.v4
-  when: ansible_distribution_version == '14.04'
+  when: ansible_distribution_version | version_compare('14.04', '==')
   template: src=iptables.j2 dest=/etc/iptables/rules.v4 owner=root mode=0600
   notify:
     - restart iptables-persistent
 
 - name: Copy /etc/iptables/rules.v6
-  when: ansible_distribution_version == '14.04'
+  when: ansible_distribution_version | version_compare('14.04', '==')
   template: src=ip6tables.j2 dest=/etc/iptables/rules.v6 owner=root group=root mode=0600
   notify:
     - restart iptables-persistent
 
 - name: Install firewalld and deps
-  when: ansible_distribution_version >= '15.04'
+  when: ansible_distribution_version | version_compare('15.04', '>=')
   apt: pkg={{ item }} state=latest
   with_items:
     - firewalld
@@ -25,11 +25,11 @@
   tags: packages
 
 - name: Copy firewalld public zone file
-  when: ansible_distribution_version >= '15.04'
+  when: ansible_distribution_version | version_compare('15.04', '>=')
   template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
 
 - name: Format public.xml firewalld zone file
-  when: ansible_distribution_version >= '15.04'
+  when: ansible_distribution_version | version_compare('15.04', '>=')
   shell: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
   notify:
     - restart firewalld
diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml
index d739bf5..43d85e4 100644
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@@ -5,7 +5,7 @@
 
 - name: Add GPG key for Extras repo
   apt_key: id=0xC47415DFF48C09645B78609416126D3A3E5C1192 url=https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC47415DFF48C09645B78609416126D3A3E5C1192 state=present
-  when: ansible_distribution_version == '14.04'
+  when: ansible_distribution_version | version_compare('14.04', '==')
 
 - name: Upgrade base OS
   apt: upgrade=dist update_cache=yes
diff --git a/roles/common/templates/sources.list.j2 b/roles/common/templates/sources.list.j2
index 7ef5c5a..d80dc79 100644
--- a/roles/common/templates/sources.list.j2
+++ b/roles/common/templates/sources.list.j2
@@ -15,7 +15,7 @@ deb http://{{ apt_mirror }}/ubuntu/ {{ ansible_distribution_release }}-updates m
 ###### Ubuntu Partner Repo
 deb http://archive.canonical.com/ubuntu {{ ansible_distribution_release }} partner
 
-{% if ansible_distribution_version == '14.04' %}
+{% if ansible_distribution_version | version_compare('14.04', '==') %}
 {# extras repo was discontinued after 14.10, but the latest we deploy is 14.04 #}
 ###### Ubuntu Extras Repo
 deb http://extras.ubuntu.com/ubuntu {{ ansible_distribution_release }} main
diff --git a/roles/nginx/tasks/letsencrypt.yml b/roles/nginx/tasks/letsencrypt.yml
index b5446d1..1260751 100644
--- a/roles/nginx/tasks/letsencrypt.yml
+++ b/roles/nginx/tasks/letsencrypt.yml
@@ -22,7 +22,7 @@
 # dependencies certbot checks for on its first run
 # taken from running certbot right after a clean Ubuntu 16.04 install
 - name: Install certbot dependencies (Ubuntu 16.04)
-  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version == '16.04'
+  when: ansible_distribution == 'Ubuntu' and ansible_distribution_version | version_compare('16.04', '==')
   apt: name={{ item }} state=present update_cache=yes
   with_items:
     - augeas-doc
diff --git a/roles/nginx/templates/vhost.conf.j2 b/roles/nginx/templates/vhost.conf.j2
index 7b19677..c0e1eca 100644
--- a/roles/nginx/templates/vhost.conf.j2
+++ b/roles/nginx/templates/vhost.conf.j2
@@ -63,7 +63,7 @@ server {
         # See: https://httpoxy.org/
         fastcgi_param HTTP_PROXY "";
 
-        {% if ansible_distribution_version == '16.04' %}
+        {% if ansible_distribution_version | version_compare('16.04', '==') %}
         fastcgi_pass unix:/run/php/php7.0-fpm-{{ domain_name }}.sock;
         {% else %}
         fastcgi_pass unix:/var/run/php5-fpm-{{ domain_name }}.sock;